Posted to users@tomcat.apache.org by Ar...@fr.thalesgroup.com on 2001/06/13 13:20:43 UTC

SSL + tomcat: problems

Thank you for your response.
Unfortunately, I tried what you said on my own but without any further success:

In fact I generate all my certificates with openssl.
I have got a CA root certificate integrated in Internet Explorer.
I have got a client certificate certified by this CA root certificate.
Both certificates are said to be valid by IE.

In addition I made a little soft to generate a keystore containing 
a private key, a chain of two certificates containing: 
-an SSL server certificate (corresponding to that private key)
-the CA root certificate.

When I try an on line server Authentication, it goes well.
But when I suggest clientAuth=true,
IE displays an empty list of certificates... :o(
I would like it to display at least my client certificate....
I believe my certificates are not really valid at all even if they're
recognized by IE as valid...

Could it be possible to make tests with your own certificates.
Or is there an easier way to generate them.
Thank you very much for your interest in my problem!!
Arnaud.

Actually,
	when trying with any browser, u have to configure ur client and ca cert
in the browser keystore.
	when thru' code also, have to put both certs and ur ca cert in the keystore
that u specified in server.xml.
once u configure, browser show the client cert when clientAuth=true.

try with this

Rams
+91-040-3000401 x 2162 (O)
+91-040-6313447 (R)


-----Original Message-----
From: Arnaud.PIERRE@fr.thalesgroup.com
[mailto:Arnaud.PIERRE@fr.thalesgroup.com]
Sent: Tuesday, June 12, 2001 6:59 PM
To: tomcat-user@jakarta.apache.org
Subject: SSL +tomcat


hello all,

I am testing Tomcat standalone with client authentication on, and getting
some odd results.  It works fine if client authentication is not turned on
(for both IE and Netscape browsers).  If I turn on client authentication,
Netscape claims that I do not have a personal certificate, and IE asks me to
choose from an empty list of certificates.
Any ideas on the problem with the certificate request when I use Tomcat
standalone?  Is there some configuration to indicate the type of certificate
the server is requesting?  I am using both client & server certificates
generated by Openssl.
More precisely I have a Server Certificate stored in Keystore (Tomcat side)
and a client Certificate integrated in my browser. Both certificates are
signed by a CA Authority whose certificate is on my browser too.
This problem has already been encountered by many people
(bnelson@extricity.com for example)
Many thanks,
Arnaud Pierre.

PS: I use tomcat 4.0b5 and IE5.00.2314.1003
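
The setup described in this thread (an OpenSSL CA root and a client certificate signed by it, both to be imported into the browser), as an added example that is not part of the original messages: it builds the pieces in a temporary directory and checks them before any import. The subject names, file names and the password `changeit` are constructed placeholders.

```shell
#!/bin/sh
# Added example: build a test CA and client certificate with OpenSSL and
# check the pieces before importing them. All names below are constructed.
make_and_check_client_cert() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # 1. Self-signed CA root: this is the certificate that goes into the
        #    browser's trusted roots and into the keystore named in server.xml.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Example Test CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Client private key and certificate signing request.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=example-client" \
            -keyout client.key -out client.csr 2>/dev/null || exit 1
        # 3. Sign the client request with the CA key.
        openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 30 -out client.crt 2>/dev/null || exit 1
        # 4. The client certificate must chain to the CA root.
        openssl verify -CAfile ca.crt client.crt >/dev/null 2>&1 || exit 1
        # 5. The issuer name in the client certificate must be exactly the
        #    subject name of the CA certificate (compared via name hashes).
        issuer=$(openssl x509 -in client.crt -noout -issuer_hash)
        subject=$(openssl x509 -in ca.crt -noout -subject_hash)
        [ "$issuer" = "$subject" ] || exit 1
        # 6. Bundle certificate, private key and CA into PKCS#12, the format
        #    a browser imports as a personal certificate.
        openssl pkcs12 -export -inkey client.key -in client.crt \
            -certfile ca.crt -name example-client \
            -passout pass:changeit -out client.p12 || exit 1
        # 7. Confirm the bundle really carries the private key; a certificate
        #    imported without its key cannot be used for client authentication.
        openssl pkcs12 -in client.p12 -passin pass:changeit -nodes 2>/dev/null \
            | grep -q "PRIVATE KEY" || exit 1
    )
    status=$?
    rm -rf "$dir"
    return $status
}

make_and_check_client_cert && echo "client certificate bundle OK"
```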